From 61d3c1fe9a0ca4b1ef755d17e5ca351bb9ca00e9 Mon Sep 17 00:00:00 2001 From: donggyu Date: Thu, 2 Nov 2023 13:11:21 +0900 Subject: [PATCH] minor modification for skb installation --- .../tks-admin-tools/site-values.yaml | 20 +- .../tks-admin-tools/site-values.yaml | 240 +++++++---- .../tks-admin-tools/site-values.yaml | 240 +++++++---- .../service-mesh/site-values.yaml | 402 +++++++----------- 4 files changed, 475 insertions(+), 427 deletions(-) diff --git a/byoh-reference/tks-admin-tools/site-values.yaml b/byoh-reference/tks-admin-tools/site-values.yaml index d0eeae9..b3afbe0 100644 --- a/byoh-reference/tks-admin-tools/site-values.yaml +++ b/byoh-reference/tks-admin-tools/site-values.yaml @@ -16,6 +16,10 @@ charts: auth.adminPassword: $(commonPassword) ingress.enabled: true ingress.hostname: TO_BE_FIXED + ingress.annotations: + nginx.ingress.kubernetes.io/proxy-buffer-size: 20k + acme.cert-manager.io/http01-edit-in-place: "true" + cert-manager.io/cluster-issuer: http0issuer externalDatabase.host: $(dbHost) externalDatabase.password: $(commonPassword) @@ -47,7 +51,7 @@ charts: ingress: hosts: core: TO_BE_FIXED - className: "nginx" + className: "nginx" externalURL: TO_BE_FIXED persistence: persistentVolumeClaim: @@ -74,21 +78,21 @@ charts: database: type: external external: - host: $(dbHost) + host: $(dbHost) password: $(commonPassword) sslmode: "require" core: - replicas: 2 + replicas: 2 jobservice: - replicas: 2 + replicas: 2 registry: - replicas: 2 + replicas: 2 chartmuseum: - replicas: 2 + replicas: 2 trivy: - replicas: 2 + replicas: 2 portal: - replicas: 2 + replicas: 2 harborAdminPassword: $(commonPassword) - name: ingress-nginx diff --git a/byoh-ssu-reference/tks-admin-tools/site-values.yaml b/byoh-ssu-reference/tks-admin-tools/site-values.yaml index d0eeae9..248e9b9 100644 --- a/byoh-ssu-reference/tks-admin-tools/site-values.yaml +++ b/byoh-ssu-reference/tks-admin-tools/site-values.yaml @@ -9,98 +9,164 @@ global: storageClass: ${STORAGE_CLASS} storageClassHa: ${STORAGE_CLASS_HA} + charts: -- name: keycloak - override: - global.storageClass: $(storageClass) - auth.adminPassword: $(commonPassword) - ingress.enabled: true - ingress.hostname: TO_BE_FIXED - externalDatabase.host: $(dbHost) - externalDatabase.password: $(commonPassword) + - name: keycloak + override: + global.storageClass: $(storageClass) + auth.adminPassword: $(commonPassword) + ingress.enabled: true + ingress.tls: false + ingress.hostname: TO_BE_FIXED + ingress.ingressClassName: "f5" + ingress.annotations: + ingress.kubernetes.io/allow-http: "false" + ingress.kubernetes.io/ssl-redirect: "true" + virtual-server.f5.com/clientssl: '[ { "hosts": [ "skbroadband.com" ], "bigIpProfile": + "/Common/skbroadband" } ]' + virtual-server.f5.com/health: | + [ + { + "path": "TO_BE_FIXED", + "send": "HTTP GET /", + "interval": 5, + "timeout": 10 + } + ] + virtual-server.f5.com/ip: TO_BE_FIXED + virtual-server.f5.com/partition: TO_BE_FIXED + externalDatabase.host: $(dbHost) + externalDatabase.password: $(commonPassword) + + - name: tks-apis + override: + gitBaseUrl: https://github.com + gitAccount: decapod10 + db: + dbHost: $(dbHost) + adminPassword: $(commonPassword) + dbUser: tksuser + dbPassword: $(commonPassword) + tksapi: + replicaCount: 1 + tksAccount: + password: $(commonPassword) + image: + repository: harbor.taco-cat.xyz/tks/tks-api + pullPolicy: Always + tag: v3.1.0 + args: + kubeconfigPath: "" + + externalGiteaUrl: TO_BE_FIXED + + keycloakAddress: http://keycloak.keycloak.svc.cluster.local/auth + keycloakAdmin: admin + keycloakPassword: $(commonPassword) + + mailProvider: smtp + smtpHost: TO_BE_FIXED + smtpPort: TO_BE_FIXED + smtpUsername: TO_BE_FIXED + smtpPassword: TO_BE_FIXED + smtpFromEmail: TO_BE_FIXED -- name: tks-apis - override: - gitBaseUrl: https://github.com - gitAccount: decapod10 - db: - dbHost: $(dbHost) - adminPassword: $(commonPassword) - dbUser: tksuser - dbPassword: $(commonPassword) - tksapi: - replicaCount: 1 - tksAccount: - password: $(commonPassword) - args: - imageRegistryUrl: "harbor.taco-cat.xyz/appserving" - gitRepositoryUrl: "github.com/openinfradev" - keycloakAddress: http://keycloak.keycloak.svc:80/auth - tksbatch: - replicaCount: 1 - tksconsole: - replicaCount: 1 + tksbatch: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-batch + pullPolicy: Always + tag: v3.1.0 + args: + tksApiPassword: $(commonPassword) + tksconsole: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-console + pullPolicy: Always + tag: v3.1.0 -- name: harbor - override: - expose: - ingress: - hosts: - core: TO_BE_FIXED - className: "nginx" - externalURL: TO_BE_FIXED - persistence: - persistentVolumeClaim: - registry: - storageClass: $(storageClassHa) - accessMode: ReadWriteMany - size: 200Gi - chartmuseum: - storageClass: $(storageClassHa) - accessMode: ReadWriteMany - size: 20Gi - jobservice: - jobLog: + - name: harbor + override: + ipFamily: + ipv6: + enabled: false + expose: + tls: + enabled: false + ingress: + annotations: + ingress.kubernetes.io/allow-http: "false" + ingress.kubernetes.io/ssl-redirect: "true" + virtual-server.f5.com/clientssl: '[ { "hosts": [ "skbroadband.com" ], "bigIpProfile": + "/Common/skbroadband" } ]' + virtual-server.f5.com/health: | + [ + { + "path": "TO_BE_FIXED", + "send": "HTTP GET /", + "interval": 5, + "timeout": 10 + } + ] + virtual-server.f5.com/ip: TO_BE_FIXED + virtual-server.f5.com/partition: TO_BE_FIXED + hosts: + core: TO_BE_FIXED + className: "f5" + externalURL: TO_BE_FIXED + persistence: + persistentVolumeClaim: + registry: storageClass: $(storageClassHa) accessMode: ReadWriteMany - scanDataExports: + size: 200Gi + chartmuseum: storageClass: $(storageClassHa) accessMode: ReadWriteMany - redis: - storageClass: $(storageClass) - accessMode: ReadWriteOnce - trivy: - storageClass: $(storageClass) - database: - type: external - external: - host: $(dbHost) - password: $(commonPassword) - sslmode: "require" - core: - replicas: 2 - jobservice: - replicas: 2 - registry: - replicas: 2 - chartmuseum: - replicas: 2 - trivy: - replicas: 2 - portal: - replicas: 2 - harborAdminPassword: $(commonPassword) + size: 20Gi + jobservice: + jobLog: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + scanDataExports: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + redis: + storageClass: $(storageClass) + accessMode: ReadWriteOnce + trivy: + storageClass: $(storageClass) + database: + type: external + external: + host: $(dbHost) + password: $(commonPassword) + sslmode: "require" + core: + replicas: 2 + jobservice: + replicas: 2 + registry: + replicas: 2 + chartmuseum: + replicas: 2 + trivy: + replicas: 2 + portal: + replicas: 2 + harborAdminPassword: $(commonPassword) -- name: ingress-nginx - override: - controller: - resources: - requests: - cpu: 2000m - memory: 4Gi - service: - externalTrafficPolicy: Local - type: NodePort - config: - enable-underscores-in-headers: "true" - proxy-body-size: "10m" + - name: ingress-nginx + override: + controller: + resources: + requests: + cpu: 2000m + memory: 4Gi + service: + externalTrafficPolicy: Local + type: NodePort + config: + enable-underscores-in-headers: "true" + proxy-body-size: "10m" diff --git a/byoh-stage-reference/tks-admin-tools/site-values.yaml b/byoh-stage-reference/tks-admin-tools/site-values.yaml index d0eeae9..248e9b9 100644 --- a/byoh-stage-reference/tks-admin-tools/site-values.yaml +++ b/byoh-stage-reference/tks-admin-tools/site-values.yaml @@ -9,98 +9,164 @@ global: storageClass: ${STORAGE_CLASS} storageClassHa: ${STORAGE_CLASS_HA} + charts: -- name: keycloak - override: - global.storageClass: $(storageClass) - auth.adminPassword: $(commonPassword) - ingress.enabled: true - ingress.hostname: TO_BE_FIXED - externalDatabase.host: $(dbHost) - externalDatabase.password: $(commonPassword) + - name: keycloak + override: + global.storageClass: $(storageClass) + auth.adminPassword: $(commonPassword) + ingress.enabled: true + ingress.tls: false + ingress.hostname: TO_BE_FIXED + ingress.ingressClassName: "f5" + ingress.annotations: + ingress.kubernetes.io/allow-http: "false" + ingress.kubernetes.io/ssl-redirect: "true" + virtual-server.f5.com/clientssl: '[ { "hosts": [ "skbroadband.com" ], "bigIpProfile": + "/Common/skbroadband" } ]' + virtual-server.f5.com/health: | + [ + { + "path": "TO_BE_FIXED", + "send": "HTTP GET /", + "interval": 5, + "timeout": 10 + } + ] + virtual-server.f5.com/ip: TO_BE_FIXED + virtual-server.f5.com/partition: TO_BE_FIXED + externalDatabase.host: $(dbHost) + externalDatabase.password: $(commonPassword) + + - name: tks-apis + override: + gitBaseUrl: https://github.com + gitAccount: decapod10 + db: + dbHost: $(dbHost) + adminPassword: $(commonPassword) + dbUser: tksuser + dbPassword: $(commonPassword) + tksapi: + replicaCount: 1 + tksAccount: + password: $(commonPassword) + image: + repository: harbor.taco-cat.xyz/tks/tks-api + pullPolicy: Always + tag: v3.1.0 + args: + kubeconfigPath: "" + + externalGiteaUrl: TO_BE_FIXED + + keycloakAddress: http://keycloak.keycloak.svc.cluster.local/auth + keycloakAdmin: admin + keycloakPassword: $(commonPassword) + + mailProvider: smtp + smtpHost: TO_BE_FIXED + smtpPort: TO_BE_FIXED + smtpUsername: TO_BE_FIXED + smtpPassword: TO_BE_FIXED + smtpFromEmail: TO_BE_FIXED -- name: tks-apis - override: - gitBaseUrl: https://github.com - gitAccount: decapod10 - db: - dbHost: $(dbHost) - adminPassword: $(commonPassword) - dbUser: tksuser - dbPassword: $(commonPassword) - tksapi: - replicaCount: 1 - tksAccount: - password: $(commonPassword) - args: - imageRegistryUrl: "harbor.taco-cat.xyz/appserving" - gitRepositoryUrl: "github.com/openinfradev" - keycloakAddress: http://keycloak.keycloak.svc:80/auth - tksbatch: - replicaCount: 1 - tksconsole: - replicaCount: 1 + tksbatch: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-batch + pullPolicy: Always + tag: v3.1.0 + args: + tksApiPassword: $(commonPassword) + tksconsole: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-console + pullPolicy: Always + tag: v3.1.0 -- name: harbor - override: - expose: - ingress: - hosts: - core: TO_BE_FIXED - className: "nginx" - externalURL: TO_BE_FIXED - persistence: - persistentVolumeClaim: - registry: - storageClass: $(storageClassHa) - accessMode: ReadWriteMany - size: 200Gi - chartmuseum: - storageClass: $(storageClassHa) - accessMode: ReadWriteMany - size: 20Gi - jobservice: - jobLog: + - name: harbor + override: + ipFamily: + ipv6: + enabled: false + expose: + tls: + enabled: false + ingress: + annotations: + ingress.kubernetes.io/allow-http: "false" + ingress.kubernetes.io/ssl-redirect: "true" + virtual-server.f5.com/clientssl: '[ { "hosts": [ "skbroadband.com" ], "bigIpProfile": + "/Common/skbroadband" } ]' + virtual-server.f5.com/health: | + [ + { + "path": "TO_BE_FIXED", + "send": "HTTP GET /", + "interval": 5, + "timeout": 10 + } + ] + virtual-server.f5.com/ip: TO_BE_FIXED + virtual-server.f5.com/partition: TO_BE_FIXED + hosts: + core: TO_BE_FIXED + className: "f5" + externalURL: TO_BE_FIXED + persistence: + persistentVolumeClaim: + registry: storageClass: $(storageClassHa) accessMode: ReadWriteMany - scanDataExports: + size: 200Gi + chartmuseum: storageClass: $(storageClassHa) accessMode: ReadWriteMany - redis: - storageClass: $(storageClass) - accessMode: ReadWriteOnce - trivy: - storageClass: $(storageClass) - database: - type: external - external: - host: $(dbHost) - password: $(commonPassword) - sslmode: "require" - core: - replicas: 2 - jobservice: - replicas: 2 - registry: - replicas: 2 - chartmuseum: - replicas: 2 - trivy: - replicas: 2 - portal: - replicas: 2 - harborAdminPassword: $(commonPassword) + size: 20Gi + jobservice: + jobLog: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + scanDataExports: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + redis: + storageClass: $(storageClass) + accessMode: ReadWriteOnce + trivy: + storageClass: $(storageClass) + database: + type: external + external: + host: $(dbHost) + password: $(commonPassword) + sslmode: "require" + core: + replicas: 2 + jobservice: + replicas: 2 + registry: + replicas: 2 + chartmuseum: + replicas: 2 + trivy: + replicas: 2 + portal: + replicas: 2 + harborAdminPassword: $(commonPassword) -- name: ingress-nginx - override: - controller: - resources: - requests: - cpu: 2000m - memory: 4Gi - service: - externalTrafficPolicy: Local - type: NodePort - config: - enable-underscores-in-headers: "true" - proxy-body-size: "10m" + - name: ingress-nginx + override: + controller: + resources: + requests: + cpu: 2000m + memory: 4Gi + service: + externalTrafficPolicy: Local + type: NodePort + config: + enable-underscores-in-headers: "true" + proxy-body-size: "10m" diff --git a/byoh-suy-reference/service-mesh/site-values.yaml b/byoh-suy-reference/service-mesh/site-values.yaml index 2ac7d0d..248e9b9 100644 --- a/byoh-suy-reference/service-mesh/site-values.yaml +++ b/byoh-suy-reference/service-mesh/site-values.yaml @@ -4,257 +4,169 @@ metadata: name: site global: - clusterName: cluster.local - namespace: tks-msa - imageRegistry: harbor.taco-cat.xyz - serviceMeshControlNodeSelector: - tks-msa: enabled - serviceMeshIngressNodeSelector: - tks-ingressgateway: enabled - serviceMeshEgressNodeSelector: - tks-egressgateway: enabled - ingressGatewayLabel: istio-ingressgateway - egressGatewayLabel: istio-egressgateway + dbHost: ${DATABASE_HOST} + commonPassword: ${COMMON_PASSWORD} + storageClass: ${STORAGE_CLASS} + storageClassHa: ${STORAGE_CLASS_HA} -charts: -- name: cert-manager - override: - image: - repository: $(imageRegistry)/tks/cert-manager-controller - nodeSelector: - tks-msa: enabled - webhook: - image: - repository: $(imageRegistry)/tks/cert-manager-webhook - nodeSelector: - tks-msa: enabled - cainjector: - image: - repository: $(imageRegistry)/tks/cert-manager-cainjector - nodeSelector: - tks-msa: enabled - -- name: k8ssandra-operator - override: - image: - registry: $(imageRegistry) - repository: tks/k8ssandra-operator - tag: v1.6.0 - nodeSelector: - tks-msa: enabled - cleaner: - image: - registry: $(imageRegistry) - repository: tks/k8ssandra-tools - tag: latest - client: - image: - registry: $(imageRegistry) - repository: tks/k8ssandra-tools - tag: latest - cass-operator: - image: - registry: $(imageRegistry) - repository: tks/cass-operator - tag: v1.14.0 - nodeSelector: - tks-msa: enabled -- name: servicemesh-k8ssandra-resource - override: - namespace: $(namespace) - cassandra: - jmxInitContainerImage: - name: busybox - registry: $(imageRegistry)/tks - tag: 1.34.1 - datacenters: - size: 3 - perNodeConfigInitContainerImage: $(imageRegistry)/tks/yq:4 - initContainers: - serverConfigInitImage: $(imageRegistry)/tks/cass-config-builder:1.0-ubi7 - jmxInitContainerImage: - name: busybox - registry: $(imageRegistry)/tks - tag: 1.34.1 - containers: - - name: cassandra - image: $(imageRegistry)/tks/cass-management-api:4.0.6 - - name: server-system-logger - image: $(imageRegistry)/tks/system-logger:v1.14.0 - config: - heapSize: 2048M - storageConfig: - storageClassName: taco-storage - accessModes: ReadWriteOnce - size: 300Gi - racks: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: tks-msa - operator: In - values: - - enabled - stargate: - size: 1 - heapSize: 384M - containerImage: - registry: $(imageRegistry) - repository: tks - tag: v1.0.67 - nodeSelector: - tks-msa: enabled +charts: + - name: keycloak + override: + global.storageClass: $(storageClass) + auth.adminPassword: $(commonPassword) + ingress.enabled: true + ingress.tls: false + ingress.hostname: TO_BE_FIXED + ingress.ingressClassName: "f5" + ingress.annotations: + ingress.kubernetes.io/allow-http: "false" + ingress.kubernetes.io/ssl-redirect: "true" + virtual-server.f5.com/clientssl: '[ { "hosts": [ "skbroadband.com" ], "bigIpProfile": + "/Common/skbroadband" } ]' + virtual-server.f5.com/health: | + [ + { + "path": "TO_BE_FIXED", + "send": "HTTP GET /", + "interval": 5, + "timeout": 10 + } + ] + virtual-server.f5.com/ip: TO_BE_FIXED + virtual-server.f5.com/partition: TO_BE_FIXED + externalDatabase.host: $(dbHost) + externalDatabase.password: $(commonPassword) -- name: istiod - override: - revision: "" - pilot.autoscaleEnabled: false - pilot.traceSampling: 0.1 - pilot.nodeSelector: $(serviceMeshControlNodeSelector) - global.hub: $(imageRegistry)/tks - global.proxy.clusterDomain: $(clusterName) - global.tracer.zipkin.address: jaeger-operator-jaeger-collector.$(namespace):9411 + - name: tks-apis + override: + gitBaseUrl: https://github.com + gitAccount: decapod10 + db: + dbHost: $(dbHost) + adminPassword: $(commonPassword) + dbUser: tksuser + dbPassword: $(commonPassword) + tksapi: + replicaCount: 1 + tksAccount: + password: $(commonPassword) + image: + repository: harbor.taco-cat.xyz/tks/tks-api + pullPolicy: Always + tag: v3.1.0 + args: + kubeconfigPath: "" -- name: istio-ingressgateway - override: - revision: "" - replicaCount: 2 - image: $(imageRegistry)/tks/proxyv2:1.17.2 - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - service: - type: NodePort - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - nodePort: 30013 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - nodePort: 30014 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - nodePort: 30015 - resources.requests.cpu: 1000m - resources.requests.memory: 1024Mi - resources.limits.cpu: 2000m - resources.limits.memory: 2048Mi - nodeSelector: $(serviceMeshIngressNodeSelector) + externalGiteaUrl: TO_BE_FIXED -- name: istio-egressgateway - override: - revision: "" - replicaCount: 1 - image: $(imageRegistry)/tks/proxyv2:1.17.2 - autoscaling.enabled: false - service.type: ClusterIP - #resources.requests.cpu: 1000m - #resources.requests.memory: 1024Mi - #resources.limits.cpu: 2000m - #resources.limits.memory: 2048Mi - nodeSelector: $(serviceMeshEgressNodeSelector) + keycloakAddress: http://keycloak.keycloak.svc.cluster.local/auth + keycloakAdmin: admin + keycloakPassword: $(commonPassword) -- name: jaeger-operator - override: - image: - repository: $(imageRegistry)/tks/jaeger-operator - tag: 1.35.0 - nodeSelector: $(serviceMeshControlNodeSelector) + mailProvider: smtp + smtpHost: TO_BE_FIXED + smtpPort: TO_BE_FIXED + smtpUsername: TO_BE_FIXED + smtpPassword: TO_BE_FIXED + smtpFromEmail: TO_BE_FIXED -- name: servicemesh-jaeger-resource - override: - namespace: tks-msa - sampling.param: 10 - collector.resources.requests.cpu: 500m - collector.resources.requests.memory: 1024Mi - collector.resources.limits.cpu: 1000m - collector.resources.limits.memory: 2048Mi - collector: - image: $(imageRegistry)/tks/jaeger-collector:1.35.0 - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: tks-msa - operator: In - values: - - enabled - storage: - type: cassandra - cassandra: - options: - servers: cassandra-dc-service.tks-msa.svc - keyspace: jaeger_v1_datacenter - cassandraCreateSchema: - image: $(imageRegistry)/tks/jaeger-cassandra-schema:1.35.0 - dependencies: - enabled: true - image: $(imageRegistry)/tks/spark-dependencies:1.35.0 - query: - image: $(imageRegistry)/tks/jaeger-query:1.35.0 - basePath: / - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: tks-msa - operator: In - values: - - enabled - agent: - image: $(imageRegistry)/tks/jaeger-agent:1.35.0 - cassandra: - user: - enabled: true - username: tks - password: tksword - nodeSelector: - tks-msa: enabled - elasticsearch.user.enabled: false + tksbatch: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-batch + pullPolicy: Always + tag: v3.1.0 + args: + tksApiPassword: $(commonPassword) + tksconsole: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-console + pullPolicy: Always + tag: v3.1.0 -- name: kiali-operator - override: - image: - repo: $(imageRegistry)/tks/kiali-operator - tag: v1.63.0 - nodeSelector: $(serviceMeshControlNodeSelector) + - name: harbor + override: + ipFamily: + ipv6: + enabled: false + expose: + tls: + enabled: false + ingress: + annotations: + ingress.kubernetes.io/allow-http: "false" + ingress.kubernetes.io/ssl-redirect: "true" + virtual-server.f5.com/clientssl: '[ { "hosts": [ "skbroadband.com" ], "bigIpProfile": + "/Common/skbroadband" } ]' + virtual-server.f5.com/health: | + [ + { + "path": "TO_BE_FIXED", + "send": "HTTP GET /", + "interval": 5, + "timeout": 10 + } + ] + virtual-server.f5.com/ip: TO_BE_FIXED + virtual-server.f5.com/partition: TO_BE_FIXED + hosts: + core: TO_BE_FIXED + className: "f5" + externalURL: TO_BE_FIXED + persistence: + persistentVolumeClaim: + registry: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + size: 200Gi + chartmuseum: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + size: 20Gi + jobservice: + jobLog: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + scanDataExports: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + redis: + storageClass: $(storageClass) + accessMode: ReadWriteOnce + trivy: + storageClass: $(storageClass) + database: + type: external + external: + host: $(dbHost) + password: $(commonPassword) + sslmode: "require" + core: + replicas: 2 + jobservice: + replicas: 2 + registry: + replicas: 2 + chartmuseum: + replicas: 2 + trivy: + replicas: 2 + portal: + replicas: 2 + harborAdminPassword: $(commonPassword) -- name: servicemesh-kiali-resource - override: - namespace: tks-msa - istioNamespace: tks-msa - deployment.namespace: tks-msa - deployment.image_name: $(imageRegistry)/tks/kiali - deployment.image_version: v1.63.0 - deployment.resources.requests.cpu: 500m - deployment.resources.requests.memory: 512Mi - deployment.resources.limits.cpu: 1000m - deployment.resources.limits.memory: 1024Mi - deployment.nodeSelector: - tks-msa: enabled - auth.strategy: anonymous - externalServices.istio.configMapName: istio - externalServices.istio.istioIdentityDomain: svc.$(clusterName) - externalServices.prometheus.url: http://lma-prometheus.lma.svc:9090 - externalServices.tracing.inClusterUrl: http://jaeger-operator-jaeger-query.tks-msa:16686 - externalServices.tracing.url: https://jaeger-v2.taco-cat.xyz - externalServices.tracing.useGrpc: false - externalServices.grafana.auth.type: basic - externalServices.grafana.auth.username: admin - externalServices.grafana.auth.password: password - externalServices.grafana.inClusterUrl: http://grafana.lma.svc:80 - externalServices.grafana.url: https://grafana-v2.taco-cat.xyz - server.webRoot: / + - name: ingress-nginx + override: + controller: + resources: + requests: + cpu: 2000m + memory: 4Gi + service: + externalTrafficPolicy: Local + type: NodePort + config: + enable-underscores-in-headers: "true" + proxy-body-size: "10m"